├── var └── mail │ └── vhosts │ └── domain.com │ └── info │ └── nothing ;) ├── etc ├── default │ └── opendkim ├── opendkim │ ├── TrustedHosts │ ├── SigningTable │ └── KeyTable ├── postfix │ ├── mysql-virtual-mailbox-maps.cf │ ├── mysql-virtual-mailbox-domains.cf │ ├── mysql-virtual-alias-maps.cf │ ├── main.cf │ └── master.cf └── dovecot │ ├── dovecot-sql.conf.ext │ ├── conf.d │ ├── auth-sql.conf.ext │ ├── 10-ssl.conf │ ├── 10-master.conf │ ├── 10-auth.conf │ └── 10-mail.conf │ └── dovecot.conf ├── MySQL.svg.png ├── dovecot_logo.png ├── postfix-logo.gif └── README.md /var/mail/vhosts/domain.com/info/nothing ;): -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /etc/default/opendkim: -------------------------------------------------------------------------------- 1 | SOCKET="inet:12301@localhost" 2 | -------------------------------------------------------------------------------- /MySQL.svg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/HEAD/MySQL.svg.png -------------------------------------------------------------------------------- /dovecot_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/HEAD/dovecot_logo.png -------------------------------------------------------------------------------- /postfix-logo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/HEAD/postfix-logo.gif -------------------------------------------------------------------------------- /etc/opendkim/TrustedHosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | localhost 3 | 192.168.0.1/24 4 | 5 | *.example.com 6 | 7 | #*.example.net 8 | #*.example.org 9 | -------------------------------------------------------------------------------- /etc/opendkim/SigningTable: -------------------------------------------------------------------------------- 1 | *@example.com mail._domainkey.example.com 2 | #*@example.net mail._domainkey.example.net 3 | #*@example.org mail._domainkey.example.org 4 | -------------------------------------------------------------------------------- /etc/postfix/mysql-virtual-mailbox-maps.cf: -------------------------------------------------------------------------------- 1 | user = root 2 | password = toor 3 | hosts = 127.0.0.1 4 | dbname = mailserver 5 | query = SELECT 1 FROM virtual_users WHERE email='%s' 6 | -------------------------------------------------------------------------------- /etc/postfix/mysql-virtual-mailbox-domains.cf: -------------------------------------------------------------------------------- 1 | user = root 2 | password = toor 3 | hosts = 127.0.0.1 4 | dbname = mailserver 5 | query = SELECT 1 FROM virtual_domains WHERE name='%s' 6 | -------------------------------------------------------------------------------- /etc/postfix/mysql-virtual-alias-maps.cf: -------------------------------------------------------------------------------- 1 | user = root 2 | password = toor 3 | hosts = 127.0.0.1 4 | dbname = mailserver 5 | query = SELECT destination FROM virtual_aliases WHERE source='%s' 6 | -------------------------------------------------------------------------------- /etc/dovecot/dovecot-sql.conf.ext: -------------------------------------------------------------------------------- 1 | 2 | driver = mysql 3 | connect = host=127.0.0.1 dbname=mailserver user=root password=toor 4 | default_pass_scheme = SHA512-CRYPT 5 | password_query = SELECT email as user, password FROM virtual_users WHERE email='%u'; 6 | 7 | -------------------------------------------------------------------------------- /etc/opendkim/KeyTable: -------------------------------------------------------------------------------- 1 | mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private 2 | #mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private 3 | #mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private 4 | -------------------------------------------------------------------------------- /etc/dovecot/conf.d/auth-sql.conf.ext: -------------------------------------------------------------------------------- 1 | # Authentication for SQL users. Included from 10-auth.conf. 2 | # 3 | # 4 | 5 | passdb { 6 | driver = sql 7 | 8 | # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext 9 | args = /etc/dovecot/dovecot-sql.conf.ext 10 | } 11 | 12 | # "prefetch" user database means that the passdb already provided the 13 | # needed information and there's no need to do a separate userdb lookup. 14 | # 15 | #userdb { 16 | # driver = prefetch 17 | #} 18 | 19 | userdb { 20 | driver = static 21 | args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n 22 | } 23 | 24 | 25 | #have any user-specific settings, you can avoid the user_query 26 | # by using userdb static instead of userdb sql, for example: 27 | # 28 | #userdb { 29 | #driver = static 30 | #args = uid=vmail gid=vmail home=/var/vmail/%u 31 | #} 32 | -------------------------------------------------------------------------------- /etc/dovecot/conf.d/10-ssl.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## SSL settings 3 | ## 4 | 5 | # SSL/TLS support: yes, no, required. 6 | ssl = required 7 | 8 | # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before 9 | # dropping root privileges, so keep the key file unreadable by anyone but 10 | # root. Included doc/mkcert.sh can be used to easily generate self-signed 11 | # certificate, just make sure to update the domains in dovecot-openssl.cnf 12 | ssl_cert = 29 | #service_count = 1 30 | 31 | # Number of processes to always keep waiting for more connections. 32 | #process_min_avail = 0 33 | 34 | # If you set service_count=0, you probably need to grow this. 35 | #vsz_limit = $default_vsz_limit 36 | } 37 | 38 | service pop3-login { 39 | inet_listener pop3 { 40 | #port = 110 41 | } 42 | inet_listener pop3s { 43 | port = 995 44 | ssl = yes 45 | } 46 | } 47 | 48 | service lmtp { 49 | unix_listener /var/spool/postfix/private/dovecot-lmtp { 50 | mode = 0666 51 | user = postfix 52 | group = postfix 53 | } 54 | 55 | # Create inet listener only if you can't use the above UNIX socket 56 | #inet_listener lmtp { 57 | # Avoid making LMTP visible for the entire internet 58 | #address = 59 | #port = 60 | #} 61 | } 62 | 63 | service imap { 64 | # Most of the memory goes to mmap()ing files. You may need to increase this 65 | # limit if you have huge mailboxes. 66 | #vsz_limit = $default_vsz_limit 67 | # Max. number of IMAP processes (connections) 68 | #process_limit = 1024 69 | } 70 | 71 | service pop3 { 72 | # Max. number of POP3 processes (connections) 73 | #process_limit = 1024 74 | } 75 | 76 | service auth { 77 | # auth_socket_path points to this userdb socket by default. It's typically 78 | # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have 79 | # full permissions to this socket are able to get a list of all usernames and 80 | # get the results of everyone's userdb lookups. 81 | # 82 | # The default 0666 mode allows anyone to connect to the socket, but the 83 | # userdb lookups will succeed only if the userdb returns an "uid" field that 84 | # matches the caller process's UID. Also if caller's uid or gid matches the 85 | # socket's uid or gid the lookup succeeds. Anything else causes a failure. 86 | # 87 | # To give the caller full permissions to lookup all users, set the mode to 88 | # something else than 0666 and Dovecot lets the kernel enforce the 89 | # permissions (e.g. 0777 allows everyone full permissions). 90 | unix_listener /var/spool/postfix/private/auth { 91 | mode = 0666 92 | user = postfix 93 | group = postfix 94 | } 95 | 96 | # Postfix smtp-auth 97 | #unix_listener /var/spool/postfix/private/auth { 98 | # mode = 0666 99 | #} 100 | 101 | # Auth process is run as this user. 102 | user = dovecot 103 | } 104 | 105 | service auth-worker { 106 | # Auth worker process is run as root by default, so that it can access 107 | # /etc/shadow. If this isn't necessary, the user should be changed to 108 | # $default_internal_user. 109 | user = vmail 110 | } 111 | 112 | service dict { 113 | # If dict proxy is used, mail processes should have access to its socket. 114 | # For example: mode=0660, group=vmail and global mail_access_groups=vmail 115 | unix_listener dict { 116 | #mode = 0600 117 | #user = 118 | #group = 119 | } 120 | } 121 | -------------------------------------------------------------------------------- /etc/dovecot/dovecot.conf: -------------------------------------------------------------------------------- 1 | ## Dovecot configuration file 2 | 3 | # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration 4 | 5 | # "doveconf -n" command gives a clean output of the changed settings. Use it 6 | # instead of copy&pasting files when posting to the Dovecot mailing list. 7 | 8 | # '#' character and everything after it is treated as comments. Extra spaces 9 | # and tabs are ignored. If you want to use either of these explicitly, put the 10 | # value inside quotes, eg.: key = "# char and trailing whitespace " 11 | 12 | # Most (but not all) settings can be overridden by different protocols and/or 13 | # source/destination IPs by placing the settings inside sections, for example: 14 | # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } 15 | 16 | # Default values are shown for each setting, it's not required to uncomment 17 | # those. These are exceptions to this though: No sections (e.g. namespace {}) 18 | # or plugin settings are added by default, they're listed only as examples. 19 | # Paths are also just examples with the real defaults being based on configure 20 | # options. The paths listed here are for configure --prefix=/usr 21 | # --sysconfdir=/etc --localstatedir=/var 22 | 23 | # Enable installed protocols 24 | !include_try /usr/share/dovecot/protocols.d/*.protocol 25 | 26 | # A comma separated list of IPs or hosts where to listen in for connections. 27 | # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. 28 | # If you want to specify non-default ports or anything more complex, 29 | # edit conf.d/master.conf. 30 | #listen = *, :: 31 | 32 | # Base directory where to store runtime data. 33 | #base_dir = /var/run/dovecot/ 34 | 35 | # Name of this instance. In multi-instance setup doveadm and other commands 36 | # can use -i to select which instance is used (an alternative 37 | # to -c ). The instance name is also added to Dovecot processes 38 | # in ps output. 39 | #instance_name = dovecot 40 | 41 | # Greeting message for clients. 42 | #login_greeting = Dovecot ready. 43 | 44 | # Space separated list of trusted network ranges. Connections from these 45 | # IPs are allowed to override their IP addresses and ports (for logging and 46 | # for authentication checks). disable_plaintext_auth is also ignored for 47 | # these networks. Typically you'd specify your IMAP proxy servers here. 48 | #login_trusted_networks = 49 | 50 | # Space separated list of login access check sockets (e.g. tcpwrap) 51 | #login_access_sockets = 52 | 53 | # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do 54 | # proxying. This isn't necessary normally, but may be useful if the destination 55 | # IP is e.g. a load balancer's IP. 56 | #auth_proxy_self = 57 | 58 | # Show more verbose process titles (in ps). Currently shows user name and 59 | # IP address. Useful for seeing who are actually using the IMAP processes 60 | # (eg. shared mailboxes or if same uid is used for multiple accounts). 61 | #verbose_proctitle = no 62 | 63 | # Should all processes be killed when Dovecot master process shuts down. 64 | # Setting this to "no" means that Dovecot can be upgraded without 65 | # forcing existing client connections to close (although that could also be 66 | # a problem if the upgrade is e.g. because of a security fix). 67 | #shutdown_clients = yes 68 | 69 | # If non-zero, run mail commands via this many connections to doveadm server, 70 | # instead of running them directly in the same process. 71 | #doveadm_worker_count = 0 72 | # UNIX socket or host:port used for connecting to doveadm server 73 | #doveadm_socket_path = doveadm-server 74 | 75 | # Space separated list of environment variables that are preserved on Dovecot 76 | # startup and passed down to all of its child processes. You can also give 77 | # key=value pairs to always set specific settings. 78 | #import_environment = TZ 79 | 80 | ## 81 | ## Dictionary server settings 82 | ## 83 | 84 | # Dictionary can be used to store key=value lists. This is used by several 85 | # plugins. The dictionary can be accessed either directly or though a 86 | # dictionary server. The following dict block maps dictionary names to URIs 87 | # when the server is used. These can then be referenced using URIs in format 88 | # "proxy::". 89 | 90 | dict { 91 | #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext 92 | #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext 93 | } 94 | 95 | # Most of the actual configuration gets included below. The filenames are 96 | # first sorted by their ASCII value and parsed in that order. The 00-prefixes 97 | # in filenames are intended to make it easier to understand the ordering. 98 | !include conf.d/*.conf 99 | 100 | # A config file can also tried to be included without giving an error if 101 | # it's not found: 102 | !include_try local.conf 103 | 104 | #kiro changes 105 | !include_try /usr/share/dovecot/protocols.d/*.protocol 106 | protocols = imap lmtp 107 | -------------------------------------------------------------------------------- /etc/dovecot/conf.d/10-auth.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Authentication processes 3 | ## 4 | 5 | # Disable LOGIN command and all other plaintext authentications unless 6 | # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP 7 | # matches the local IP (ie. you're connecting from the same computer), the 8 | # connection is considered secure and plaintext authentication is allowed. 9 | # See also ssl=required setting. 10 | disable_plaintext_auth = yes 11 | 12 | # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that 13 | # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. 14 | #auth_cache_size = 0 15 | # Time to live for cached data. After TTL expires the cached record is no 16 | # longer used, *except* if the main database lookup returns internal failure. 17 | # We also try to handle password changes automatically: If user's previous 18 | # authentication was successful, but this one wasn't, the cache isn't used. 19 | # For now this works only with plaintext authentication. 20 | #auth_cache_ttl = 1 hour 21 | # TTL for negative hits (user not found, password mismatch). 22 | # 0 disables caching them completely. 23 | #auth_cache_negative_ttl = 1 hour 24 | 25 | # Space separated list of realms for SASL authentication mechanisms that need 26 | # them. You can leave it empty if you don't want to support multiple realms. 27 | # Many clients simply use the first one listed here, so keep the default realm 28 | # first. 29 | #auth_realms = 30 | 31 | # Default realm/domain to use if none was specified. This is used for both 32 | # SASL realms and appending @domain to username in plaintext logins. 33 | #auth_default_realm = 34 | 35 | # List of allowed characters in username. If the user-given username contains 36 | # a character not listed in here, the login automatically fails. This is just 37 | # an extra check to make sure user can't exploit any potential quote escaping 38 | # vulnerabilities with SQL/LDAP databases. If you want to allow all characters, 39 | # set this value to empty. 40 | #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ 41 | 42 | # Username character translations before it's looked up from databases. The 43 | # value contains series of from -> to characters. For example "#@/@" means 44 | # that '#' and '/' characters are translated to '@'. 45 | #auth_username_translation = 46 | 47 | # Username formatting before it's looked up from databases. You can use 48 | # the standard variables here, eg. %Lu would lowercase the username, %n would 49 | # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into 50 | # "-AT-". This translation is done after auth_username_translation changes. 51 | #auth_username_format = %Lu 52 | 53 | # If you want to allow master users to log in by specifying the master 54 | # username within the normal username string (ie. not using SASL mechanism's 55 | # support for it), you can specify the separator character here. The format 56 | # is then . UW-IMAP uses "*" as the 57 | # separator, so that could be a good choice. 58 | #auth_master_user_separator = 59 | 60 | # Username to use for users logging in with ANONYMOUS SASL mechanism 61 | #auth_anonymous_username = anonymous 62 | 63 | # Maximum number of dovecot-auth worker processes. They're used to execute 64 | # blocking passdb and userdb queries (eg. MySQL and PAM). They're 65 | # automatically created and destroyed as needed. 66 | #auth_worker_max_count = 30 67 | 68 | # Host name to use in GSSAPI principal names. The default is to use the 69 | # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab 70 | # entries. 71 | #auth_gssapi_hostname = 72 | 73 | # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 74 | # default (usually /etc/krb5.keytab) if not specified. You may need to change 75 | # the auth service to run as root to be able to read this file. 76 | #auth_krb5_keytab = 77 | 78 | # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and 79 | # ntlm_auth helper. 80 | #auth_use_winbind = no 81 | 82 | # Path for Samba's ntlm_auth helper binary. 83 | #auth_winbind_helper_path = /usr/bin/ntlm_auth 84 | 85 | # Time to delay before replying to failed authentications. 86 | #auth_failure_delay = 2 secs 87 | 88 | # Require a valid SSL client certificate or the authentication fails. 89 | #auth_ssl_require_client_cert = no 90 | 91 | # Take the username from client's SSL certificate, using 92 | # X509_NAME_get_text_by_NID() which returns the subject's DN's 93 | # CommonName. 94 | #auth_ssl_username_from_cert = no 95 | 96 | # Space separated list of wanted authentication mechanisms: 97 | # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey 98 | # gss-spnego 99 | # NOTE: See also disable_plaintext_auth setting. 100 | auth_mechanisms = plain login 101 | 102 | ## 103 | ## Password and user databases 104 | ## 105 | 106 | # 107 | # Password database is used to verify user's password (and nothing more). 108 | # You can have multiple passdbs and userdbs. This is useful if you want to 109 | # allow both system users (/etc/passwd) and virtual users to login without 110 | # duplicating the system users into virtual database. 111 | # 112 | # 113 | # 114 | # User database specifies where mails are located and what user/group IDs 115 | # own them. For single-UID configuration use "static" userdb. 116 | # 117 | # 118 | 119 | #!include auth-deny.conf.ext 120 | #!include auth-master.conf.ext 121 | 122 | #!include auth-system.conf.ext 123 | !include auth-sql.conf.ext 124 | #!include auth-ldap.conf.ext 125 | #!include auth-passwdfile.conf.ext 126 | #!include auth-checkpassword.conf.ext 127 | #!include auth-vpopmail.conf.ext 128 | #!include auth-static.conf.ext 129 | -------------------------------------------------------------------------------- /etc/postfix/master.cf: -------------------------------------------------------------------------------- 1 | # 2 | # Postfix master process configuration file. For details on the format 3 | # of the file, see the master(5) manual page (command: "man 5 master" or 4 | # on-line: http://www.postfix.org/master.5.html). 5 | # 6 | # Do not forget to execute "postfix reload" after editing this file. 7 | # 8 | # ========================================================================== 9 | # service type private unpriv chroot wakeup maxproc command + args 10 | # (yes) (yes) (no) (never) (100) 11 | # ========================================================================== 12 | smtp inet n - y - - smtpd 13 | #smtp inet n - y - 1 postscreen 14 | #smtpd pass - - y - - smtpd 15 | #dnsblog unix - - y - 0 dnsblog 16 | #tlsproxy unix - - y - 0 tlsproxy 17 | submission inet n - y - - smtpd 18 | -o syslog_name=postfix/submission 19 | -o smtpd_tls_security_level=may 20 | -o smtpd_sasl_auth_enable=yes 21 | # -o smtpd_reject_unlisted_recipient=no 22 | # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 23 | # -o smtpd_helo_restrictions=$mua_helo_restrictions 24 | # -o smtpd_sender_restrictions=$mua_sender_restrictions 25 | # -o smtpd_recipient_restrictions= 26 | # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject 27 | # -o milter_macro_daemon_name=ORIGINATING 28 | #smtps inet n - y - - smtpd 29 | # -o syslog_name=postfix/smtps 30 | # -o smtpd_tls_wrappermode=yes 31 | # -o smtpd_sasl_auth_enable=yes 32 | # -o smtpd_reject_unlisted_recipient=no 33 | # -o smtpd_client_restrictions=$mua_client_restrictions 34 | # -o smtpd_helo_restrictions=$mua_helo_restrictions 35 | # -o smtpd_sender_restrictions=$mua_sender_restrictions 36 | # -o smtpd_recipient_restrictions= 37 | # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject 38 | # -o milter_macro_daemon_name=ORIGINATING 39 | #628 inet n - y - - qmqpd 40 | pickup unix n - y 60 1 pickup 41 | cleanup unix n - y - 0 cleanup 42 | qmgr unix n - n 300 1 qmgr 43 | #qmgr unix n - n 300 1 oqmgr 44 | tlsmgr unix - - y 1000? 1 tlsmgr 45 | rewrite unix - - y - - trivial-rewrite 46 | bounce unix - - y - 0 bounce 47 | defer unix - - y - 0 bounce 48 | trace unix - - y - 0 bounce 49 | verify unix - - y - 1 verify 50 | flush unix n - y 1000? 0 flush 51 | proxymap unix - - n - - proxymap 52 | proxywrite unix - - n - 1 proxymap 53 | smtp unix - - y - - smtp 54 | relay unix - - y - - smtp 55 | # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 56 | showq unix n - y - - showq 57 | error unix - - y - - error 58 | retry unix - - y - - error 59 | discard unix - - y - - discard 60 | local unix - n n - - local 61 | virtual unix - n n - - virtual 62 | lmtp unix - - y - - lmtp 63 | anvil unix - - y - 1 anvil 64 | scache unix - - y - 1 scache 65 | # 66 | # ==================================================================== 67 | # Interfaces to non-Postfix software. Be sure to examine the manual 68 | # pages of the non-Postfix software to find out what options it wants. 69 | # 70 | # Many of the following services use the Postfix pipe(8) delivery 71 | # agent. See the pipe(8) man page for information about ${recipient} 72 | # and other message envelope options. 73 | # ==================================================================== 74 | # 75 | # maildrop. See the Postfix MAILDROP_README file for details. 76 | # Also specify in main.cf: maildrop_destination_recipient_limit=1 77 | # 78 | maildrop unix - n n - - pipe 79 | flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} 80 | # 81 | # ==================================================================== 82 | # 83 | # Recent Cyrus versions can use the existing "lmtp" master.cf entry. 84 | # 85 | # Specify in cyrus.conf: 86 | # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 87 | # 88 | # Specify in main.cf one or more of the following: 89 | # mailbox_transport = lmtp:inet:localhost 90 | # virtual_transport = lmtp:inet:localhost 91 | # 92 | # ==================================================================== 93 | # 94 | # Cyrus 2.1.5 (Amos Gouaux) 95 | # Also specify in main.cf: cyrus_destination_recipient_limit=1 96 | # 97 | #cyrus unix - n n - - pipe 98 | # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 99 | # 100 | # ==================================================================== 101 | # Old example of delivery via Cyrus. 102 | # 103 | #old-cyrus unix - n n - - pipe 104 | # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} 105 | # 106 | # ==================================================================== 107 | # 108 | # See the Postfix UUCP_README file for configuration details. 109 | # 110 | uucp unix - n n - - pipe 111 | flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 112 | # 113 | # Other external delivery methods. 114 | # 115 | ifmail unix - n n - - pipe 116 | flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) 117 | bsmtp unix - n n - - pipe 118 | flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient 119 | scalemail-backend unix - n n - 2 pipe 120 | flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} 121 | mailman unix - n n - - pipe 122 | flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py 123 | ${nexthop} ${user} 124 | 125 | policy-spf unix - n n - - spawn 126 | user=nobody argv=/usr/bin/policyd-spf 127 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # How to Setup Postfix Mail Server on Ubuntu 16.04 (Dovecot - MySQL) 2 | ![alt text](https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/master/postfix-logo.gif "Postfix Logo") 3 | ![alt text](https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/master/MySQL.svg.png "Postfix Logo") 4 | ![alt text](https://raw.githubusercontent.com/kirilkirkov/postfix-dovecot-mysql/master/dovecot_logo.png "Postfix Logo") 5 | 6 | Only configuration for mail server (+ SPF and DKIM authentication to prevent spam) 7 | 8 | ## How to install this services 9 | - sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql 10 | - Choose **Internet site** 11 | - Set domain for mail server 12 | - Note: Must have installed mysql before that. Find article on google how to install it 13 | 14 | ## What is uploaded and what I do? 15 | There are uploaded directory structure and files for ubuntu server correct postfix configuration. Copy and paste this directories and files to your server. 16 | 17 | ## Some ubuntu settings 18 | Add user fot vhosts directory: 19 | - groupadd -g 5000 vmail 20 | - useradd -g vmail -u 5000 vmail -d /var/mail 21 | - chown -R vmail:vmail /var/mail 22 | 23 | Other user rights: 24 | - chown -R vmail:dovecot /etc/dovecot 25 | - chmod -R o-rwx /etc/dovecot 26 | 27 | ## SQL Tables 28 | After make installation of postfix, dovecot and mysql and set correct connection to mysql server you need to add following tables. 29 | 30 | Users type of password is set to SHA and must be insert with following commnad: 31 | **INSERT INTO `virtual_users` (`id`, `domain_id`, `password` , `email`) VALUES ('1', '1', ENCRYPT('password123', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'info@domain.com');** 32 | 33 | ``` 34 | CREATE TABLE `virtual_aliases` ( 35 | `id` int(11) NOT NULL, 36 | `domain_id` int(11) NOT NULL, 37 | `source` varchar(100) NOT NULL, 38 | `destination` varchar(100) NOT NULL 39 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 40 | 41 | CREATE TABLE `virtual_domains` ( 42 | `id` int(11) NOT NULL, 43 | `name` varchar(50) NOT NULL 44 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 45 | 46 | CREATE TABLE `virtual_users` ( 47 | `id` int(11) NOT NULL, 48 | `domain_id` int(11) NOT NULL, 49 | `password` varchar(106) NOT NULL, 50 | `email` varchar(120) NOT NULL 51 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 52 | 53 | ALTER TABLE `virtual_aliases` 54 | ADD PRIMARY KEY (`id`), 55 | ADD KEY `domain_id` (`domain_id`); 56 | 57 | ALTER TABLE `virtual_domains` 58 | ADD PRIMARY KEY (`id`); 59 | 60 | ALTER TABLE `virtual_users` 61 | ADD PRIMARY KEY (`id`), 62 | ADD UNIQUE KEY `email` (`email`), 63 | ADD KEY `domain_id` (`domain_id`); 64 | 65 | ALTER TABLE `virtual_aliases` 66 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1; 67 | 68 | ALTER TABLE `virtual_domains` 69 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1; 70 | 71 | ALTER TABLE `virtual_users` 72 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1; 73 | 74 | ALTER TABLE `virtual_aliases` 75 | ADD CONSTRAINT `virtual_aliases_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE; 76 | 77 | ALTER TABLE `virtual_users` 78 | ADD CONSTRAINT `virtual_users_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE; 79 | ``` 80 | 81 | !!! mysql-virtual-alias-maps.cf, mysql-virtual-mailbox-domains.cf, mysql-virtual-mailbox-maps.cf files must have yours connection to mysql server. 82 | 83 | ## Notes 84 | If you want to debug postfix uncomment in etc/postfix/main.. 85 | - debug_peer_list=mail.razdavalnik.bg 86 | - debug_peer_level=3 87 | - Check logs in /var/log/mail.log or /var/log/mail.err 88 | 89 | If you want to generate password for user from terminal write this 90 | - **doveadm pw -s SHA512-CRYPT** 91 | 92 | If you want to set new domain with email: 93 | - Set MX Recort of domain to point to your main.cf - myhostname (in this example mail.domain.com) 94 | - Add to virtual_domains table the domain name of email 95 | - Add user with password to virtual_users and point domain_id to the domain it is.. (email column must be full email) 96 | - Add folder for domain and in her add folder of user /var/mail/vhosts 97 | - sudo service postfix restart 98 | 99 | If you want to add domain alias just add source of domain pointer domain_id to yours and destination can be what you want ;) (must not have virtual user if you add alias)! 100 | 101 | Add directory for every user in /var/mail/vhosts/domain.com/info/ .. 102 | 103 | 104 | ## Add plugin for roundcube for password change ;) 105 | - Download the plugin: https://github.com/roundcube/roundcubemail/tree/master/plugins/password 106 | - In the config.inc.php add $config['plugins'] = array('password'); 107 | - $config['db_dsnw'] = 'mysql://user:pass@localhost/roundcube (this must have it before but.. check it) 108 | - Go to plugins/password/ and add config.inc.php 109 | - To config[password_db_dsn] add mysql:// connection to postfix database 110 | - To config[password_query] add the query: 'UPDATE virtual_users SET password=ENCRYPT(%p, CONCAT(\'$6$\', SUBSTRING(SHA(RAND()), -16))) WHERE email=%u LIMIT 1' 111 | 112 | If we have warning for password change.. go to logs in roundcube directory to check it.. maybe query is wrong.. 113 | 114 | ## SPF Checking integration with python 115 | ### Install the spf written on python: 116 | - sudo apt-get install postfix-policyd-spf-python 117 | 118 | ### Enabling the Policy Service: 119 | In /etc/postfix/main.cf you will need to add the following line (it doesn't matter where, usually they get added to the end. 120 | 121 | - policy-spf_time_limit = 3600s 122 | 123 | ### Add this section to /etc/postfix/master.cf for the Python script 124 | 125 | ``` 126 | policy-spf unix - n n - - spawn 127 | user=nobody argv=/usr/bin/policyd-spf 128 | ``` 129 | Finally, you need to add the policy service to your smtpd_recipient_restrictions in file /etc/postfix/main.cf: 130 | ``` 131 | smtpd_recipient_restrictions = 132 | ... 133 | permit_sasl_authenticated 134 | permit_mynetworks 135 | reject_unauth_destination 136 | check_policy_service unix:private/policy-spf 137 | ... 138 | ``` 139 | 140 | Add **v=spf1 a mx -all** to TXT Records of email domains to prevent spam 141 | 142 | # Installation of DKIM 143 | ## Among others, Google Gmail and Yahoo mail check your email for a DKIM signature!! (also spf) 144 | 145 | sudo apt-get install opendkim opendkim-tools 146 | 147 | sudo vim /etc/opendkim.conf 148 | 149 | Add this options 150 | 151 | ``` 152 | AutoRestart Yes 153 | AutoRestartRate 10/1h 154 | UMask 002 155 | Syslog yes 156 | SyslogSuccess Yes 157 | LogWhy Yes 158 | 159 | Canonicalization relaxed/simple 160 | 161 | ExternalIgnoreList refile:/etc/opendkim/TrustedHosts 162 | InternalHosts refile:/etc/opendkim/TrustedHosts 163 | KeyTable refile:/etc/opendkim/KeyTable 164 | SigningTable refile:/etc/opendkim/SigningTable 165 | 166 | Mode sv 167 | PidFile /var/run/opendkim/opendkim.pid 168 | SignatureAlgorithm rsa-sha256 169 | 170 | UserID opendkim:opendkim 171 | 172 | Socket inet:12301@localhost 173 | ``` 174 | 175 | Explain the config: 176 | - AutoRestart: auto restart the filter on failures 177 | - AutoRestartRate: specifies the filter's maximum restart rate, if restarts begin to happen faster than this rate, the filter will terminate; 10/1h - 10 restarts/hour are allowed at most 178 | - UMask: gives all access permissions to the user group defined by UserID and allows other users to read and execute files, in this case it will allow the creation and modification of a Pid file. 179 | - Syslog, SyslogSuccess, *LogWhy: these parameters enable detailed logging via calls to syslog 180 | - Canonicalization: defines the canonicalization methods used at message signing, the simple method allows almost no modification while the relaxed one tolerates minor changes such as 181 | whitespace replacement; relaxed/simple - the message header will be processed with the relaxed algorithm and the body with the simple one 182 | - ExternalIgnoreList: specifies the external hosts that can send mail through the server as one of the signing domains without credentials 183 | - InternalHosts: defines a list of internal hosts whose mail should not be verified but signed instead 184 | - KeyTable: maps key names to signing keys 185 | - SigningTable: lists the signatures to apply to a message based on the address found in the From: header field 186 | - Mode: declares operating modes; in this case the milter acts as a signer (s) and a verifier (v) 187 | - PidFile: the path to the Pid file which contains the process identification number 188 | - SignatureAlgorithm: selects the signing algorithm to use when creating signatures 189 | - UserID: the opendkim process runs under this user and group 190 | - Socket: the milter will listen on the socket specified here, Posfix will send messages to opendkim for signing and verification through this socket; 12301@localhost defines a TCP socket that listens on localhost, port 12301 191 | 192 | sudo vim /etc/default/opendkim 193 | Add this: SOCKET="inet:12301@localhost" 194 | 195 | sudo vim /etc/postfix/main.cf 196 | 197 | milter_protocol = 2 198 | milter_default_action = accept 199 | smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301 200 | non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301 201 | smtpd_milters = inet:localhost:12301 202 | non_smtpd_milters = inet:localhost:12301 203 | 204 | sudo mkdir /etc/opendkim 205 | sudo mkdir /etc/opendkim/keys 206 | 207 | sudo vim /etc/opendkim/TrustedHosts 208 | 209 | ``` 210 | 127.0.0.1 211 | localhost 212 | 192.168.0.1/24 213 | 214 | *.example.com 215 | 216 | #*.example.net 217 | #*.example.org 218 | ``` 219 | 220 | sudo vim /etc/opendkim/KeyTable 221 | 222 | mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private 223 | (#)mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private 224 | (#)mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private 225 | 226 | sudo vim /etc/opendkim/SigningTable 227 | 228 | *@example.com mail._domainkey.example.com 229 | (#)*@example.net mail._domainkey.example.net 230 | (#)*@example.org mail._domainkey.example.org 231 | 232 | cd /etc/opendkim/keys 233 | sudo mkdir example.com 234 | cd example.com 235 | 236 | Generate the keys: 237 | sudo opendkim-genkey -s mail -d example.com 238 | 239 | Change the owner of the private key to opendkim: 240 | sudo chown opendkim:opendkim mail.private 241 | 242 | ## Add the public key to the domain's DNS records 243 | sudo vim mail.txt 244 | 245 | The dns record must be like this: 246 | Name: mail._domainkey.example.com. 247 | 248 | Text: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB" 249 | 250 | sudo service postfix restart 251 | sudo service opendkim restart 252 | 253 | ENJOY Autherificated! ;) 254 | -------------------------------------------------------------------------------- /etc/dovecot/conf.d/10-mail.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Mailbox locations and namespaces 3 | ## 4 | 5 | # Location for users' mailboxes. The default is empty, which means that Dovecot 6 | # tries to find the mailboxes automatically. This won't work if the user 7 | # doesn't yet have any mail, so you should explicitly tell Dovecot the full 8 | # location. 9 | # 10 | # If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) 11 | # isn't enough. You'll also need to tell Dovecot where the other mailboxes are 12 | # kept. This is called the "root mail directory", and it must be the first 13 | # path given in the mail_location setting. 14 | # 15 | # There are a few special variables you can use, eg.: 16 | # 17 | # %u - username 18 | # %n - user part in user@domain, same as %u if there's no domain 19 | # %d - domain part in user@domain, empty if there's no domain 20 | # %h - home directory 21 | # 22 | # See doc/wiki/Variables.txt for full list. Some examples: 23 | # 24 | # mail_location = maildir:~/Maildir 25 | # mail_location = mbox:~/mail:INBOX=/var/mail/%u 26 | # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n 27 | # 28 | # 29 | # 30 | mail_location = maildir:/var/mail/vhosts/%d/%n 31 | 32 | mail_privileged_group = mail 33 | 34 | # If you need to set multiple mailbox locations or want to change default 35 | # namespace settings, you can do it by defining namespace sections. 36 | # 37 | # You can have private, shared and public namespaces. Private namespaces 38 | # are for user's personal mails. Shared namespaces are for accessing other 39 | # users' mailboxes that have been shared. Public namespaces are for shared 40 | # mailboxes that are managed by sysadmin. If you create any shared or public 41 | # namespaces you'll typically want to enable ACL plugin also, otherwise all 42 | # users can access all the shared mailboxes, assuming they have permissions 43 | # on filesystem level to do so. 44 | namespace inbox { 45 | # Namespace type: private, shared or public 46 | #type = private 47 | 48 | # Hierarchy separator to use. You should use the same separator for all 49 | # namespaces or some clients get confused. '/' is usually a good one. 50 | # The default however depends on the underlying mail storage format. 51 | #separator = 52 | 53 | # Prefix required to access this namespace. This needs to be different for 54 | # all namespaces. For example "Public/". 55 | #prefix = 56 | 57 | # Physical location of the mailbox. This is in same format as 58 | # mail_location, which is also the default for it. 59 | #location = 60 | 61 | # There can be only one INBOX, and this setting defines which namespace 62 | # has it. 63 | inbox = yes 64 | 65 | # If namespace is hidden, it's not advertised to clients via NAMESPACE 66 | # extension. You'll most likely also want to set list=no. This is mostly 67 | # useful when converting from another server with different namespaces which 68 | # you want to deprecate but still keep working. For example you can create 69 | # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". 70 | #hidden = no 71 | 72 | # Show the mailboxes under this namespace with LIST command. This makes the 73 | # namespace visible for clients that don't support NAMESPACE extension. 74 | # "children" value lists child mailboxes, but hides the namespace prefix. 75 | #list = yes 76 | 77 | # Namespace handles its own subscriptions. If set to "no", the parent 78 | # namespace handles them (empty prefix should always have this as "yes") 79 | #subscriptions = yes 80 | 81 | # See 15-mailboxes.conf for definitions of special mailboxes. 82 | } 83 | 84 | # Example shared namespace configuration 85 | #namespace { 86 | #type = shared 87 | #separator = / 88 | 89 | # Mailboxes are visible under "shared/user@domain/" 90 | # %%n, %%d and %%u are expanded to the destination user. 91 | #prefix = shared/%%u/ 92 | 93 | # Mail location for other users' mailboxes. Note that %variables and ~/ 94 | # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the 95 | # destination user's data. 96 | #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u 97 | 98 | # Use the default namespace for saving subscriptions. 99 | #subscriptions = no 100 | 101 | # List the shared/ namespace only if there are visible shared mailboxes. 102 | #list = children 103 | #} 104 | # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? 105 | #mail_shared_explicit_inbox = no 106 | 107 | # System user and group used to access mails. If you use multiple, userdb 108 | # can override these by returning uid or gid fields. You can use either numbers 109 | # or names. 110 | #mail_uid = 111 | #mail_gid = 112 | 113 | # Group to enable temporarily for privileged operations. Currently this is 114 | # used only with INBOX when either its initial creation or dotlocking fails. 115 | # Typically this is set to "mail" to give access to /var/mail. 116 | #mail_privileged_group = 117 | 118 | # Grant access to these supplementary groups for mail processes. Typically 119 | # these are used to set up access to shared mailboxes. Note that it may be 120 | # dangerous to set these if users can create symlinks (e.g. if "mail" group is 121 | # set here, ln -s /var/mail ~/mail/var could allow a user to delete others' 122 | # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). 123 | #mail_access_groups = 124 | 125 | # Allow full filesystem access to clients. There's no access checks other than 126 | # what the operating system does for the active UID/GID. It works with both 127 | # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ 128 | # or ~user/. 129 | #mail_full_filesystem_access = no 130 | 131 | # Dictionary for key=value mailbox attributes. This is used for example by 132 | # URLAUTH and METADATA extensions. 133 | #mail_attribute_dict = 134 | 135 | # A comment or note that is associated with the server. This value is 136 | # accessible for authenticated users through the IMAP METADATA server 137 | # entry "/shared/comment". 138 | #mail_server_comment = "" 139 | 140 | # Indicates a method for contacting the server administrator. According to 141 | # RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that 142 | # is currently not enforced. Use for example mailto:admin@example.com. This 143 | # value is accessible for authenticated users through the IMAP METADATA server 144 | # entry "/shared/admin". 145 | #mail_server_admin = 146 | 147 | ## 148 | ## Mail processes 149 | ## 150 | 151 | # Don't use mmap() at all. This is required if you store indexes to shared 152 | # filesystems (NFS or clustered filesystem). 153 | #mmap_disable = no 154 | 155 | # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL 156 | # since version 3, so this should be safe to use nowadays by default. 157 | #dotlock_use_excl = yes 158 | 159 | # When to use fsync() or fdatasync() calls: 160 | # optimized (default): Whenever necessary to avoid losing important data 161 | # always: Useful with e.g. NFS when write()s are delayed 162 | # never: Never use it (best performance, but crashes can lose data) 163 | #mail_fsync = optimized 164 | 165 | # Locking method for index files. Alternatives are fcntl, flock and dotlock. 166 | # Dotlocking uses some tricks which may create more disk I/O than other locking 167 | # methods. NFS users: flock doesn't work, remember to change mmap_disable. 168 | #lock_method = fcntl 169 | 170 | # Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. 171 | #mail_temp_dir = /tmp 172 | 173 | # Valid UID range for users, defaults to 500 and above. This is mostly 174 | # to make sure that users can't log in as daemons or other system users. 175 | # Note that denying root logins is hardcoded to dovecot binary and can't 176 | # be done even if first_valid_uid is set to 0. 177 | #first_valid_uid = 500 178 | #last_valid_uid = 0 179 | 180 | # Valid GID range for users, defaults to non-root/wheel. Users having 181 | # non-valid GID as primary group ID aren't allowed to log in. If user 182 | # belongs to supplementary groups with non-valid GIDs, those groups are 183 | # not set. 184 | #first_valid_gid = 1 185 | #last_valid_gid = 0 186 | 187 | # Maximum allowed length for mail keyword name. It's only forced when trying 188 | # to create new keywords. 189 | #mail_max_keyword_length = 50 190 | 191 | # ':' separated list of directories under which chrooting is allowed for mail 192 | # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). 193 | # This setting doesn't affect login_chroot, mail_chroot or auth chroot 194 | # settings. If this setting is empty, "/./" in home dirs are ignored. 195 | # WARNING: Never add directories here which local users can modify, that 196 | # may lead to root exploit. Usually this should be done only if you don't 197 | # allow shell access for users. 198 | #valid_chroot_dirs = 199 | 200 | # Default chroot directory for mail processes. This can be overridden for 201 | # specific users in user database by giving /./ in user's home directory 202 | # (eg. /home/./user chroots into /home). Note that usually there is no real 203 | # need to do chrooting, Dovecot doesn't allow users to access files outside 204 | # their mail directory anyway. If your home directories are prefixed with 205 | # the chroot directory, append "/." to mail_chroot. 206 | #mail_chroot = 207 | 208 | # UNIX socket path to master authentication server to find users. 209 | # This is used by imap (for shared users) and lda. 210 | #auth_socket_path = /var/run/dovecot/auth-userdb 211 | 212 | # Directory where to look up mail plugins. 213 | #mail_plugin_dir = /usr/lib/dovecot/modules 214 | 215 | # Space separated list of plugins to load for all services. Plugins specific to 216 | # IMAP, LDA, etc. are added to this list in their own .conf files. 217 | #mail_plugins = 218 | 219 | ## 220 | ## Mailbox handling optimizations 221 | ## 222 | 223 | # Mailbox list indexes can be used to optimize IMAP STATUS commands. They are 224 | # also required for IMAP NOTIFY extension to be enabled. 225 | #mailbox_list_index = no 226 | 227 | # The minimum number of mails in a mailbox before updates are done to cache 228 | # file. This allows optimizing Dovecot's behavior to do less disk writes at 229 | # the cost of more disk reads. 230 | #mail_cache_min_mail_count = 0 231 | 232 | # When IDLE command is running, mailbox is checked once in a while to see if 233 | # there are any new mails or other changes. This setting defines the minimum 234 | # time to wait between those checks. Dovecot can also use inotify and 235 | # kqueue to find out immediately when changes occur. 236 | #mailbox_idle_check_interval = 30 secs 237 | 238 | # Save mails with CR+LF instead of plain LF. This makes sending those mails 239 | # take less CPU, especially with sendfile() syscall with Linux and FreeBSD. 240 | # But it also creates a bit more disk I/O which may just make it slower. 241 | # Also note that if other software reads the mboxes/maildirs, they may handle 242 | # the extra CRs wrong and cause problems. 243 | #mail_save_crlf = no 244 | 245 | # Max number of mails to keep open and prefetch to memory. This only works with 246 | # some mailbox formats and/or operating systems. 247 | #mail_prefetch_count = 0 248 | 249 | # How often to scan for stale temporary files and delete them (0 = never). 250 | # These should exist only after Dovecot dies in the middle of saving mails. 251 | #mail_temp_scan_interval = 1w 252 | 253 | ## 254 | ## Maildir-specific settings 255 | ## 256 | 257 | # By default LIST command returns all entries in maildir beginning with a dot. 258 | # Enabling this option makes Dovecot return only entries which are directories. 259 | # This is done by stat()ing each entry, so it causes more disk I/O. 260 | # (For systems setting struct dirent->d_type, this check is free and it's 261 | # done always regardless of this setting) 262 | #maildir_stat_dirs = no 263 | 264 | # When copying a message, do it with hard links whenever possible. This makes 265 | # the performance much better, and it's unlikely to have any side effects. 266 | #maildir_copy_with_hardlinks = yes 267 | 268 | # Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only 269 | # when its mtime changes unexpectedly or when we can't find the mail otherwise. 270 | #maildir_very_dirty_syncs = no 271 | 272 | # If enabled, Dovecot doesn't use the S= in the Maildir filenames for 273 | # getting the mail's physical size, except when recalculating Maildir++ quota. 274 | # This can be useful in systems where a lot of the Maildir filenames have a 275 | # broken size. The performance hit for enabling this is very small. 276 | #maildir_broken_filename_sizes = no 277 | 278 | # Always move mails from new/ directory to cur/, even when the \Recent flags 279 | # aren't being reset. 280 | #maildir_empty_new = no 281 | 282 | ## 283 | ## mbox-specific settings 284 | ## 285 | 286 | # Which locking methods to use for locking mbox. There are four available: 287 | # dotlock: Create .lock file. This is the oldest and most NFS-safe 288 | # solution. If you want to use /var/mail/ like directory, the users 289 | # will need write access to that directory. 290 | # dotlock_try: Same as dotlock, but if it fails because of permissions or 291 | # because there isn't enough disk space, just skip it. 292 | # fcntl : Use this if possible. Works with NFS too if lockd is used. 293 | # flock : May not exist in all systems. Doesn't work with NFS. 294 | # lockf : May not exist in all systems. Doesn't work with NFS. 295 | # 296 | # You can use multiple locking methods; if you do the order they're declared 297 | # in is important to avoid deadlocks if other MTAs/MUAs are using multiple 298 | # locking methods as well. Some operating systems don't allow using some of 299 | # them simultaneously. 300 | # 301 | # The Debian value for mbox_write_locks differs from upstream Dovecot. It is 302 | # changed to be compliant with Debian Policy (section 11.6) for NFS safety. 303 | # Dovecot: mbox_write_locks = dotlock fcntl 304 | # Debian: mbox_write_locks = fcntl dotlock 305 | # 306 | #mbox_read_locks = fcntl 307 | #mbox_write_locks = fcntl dotlock 308 | 309 | # Maximum time to wait for lock (all of them) before aborting. 310 | #mbox_lock_timeout = 5 mins 311 | 312 | # If dotlock exists but the mailbox isn't modified in any way, override the 313 | # lock file after this much time. 314 | #mbox_dotlock_change_timeout = 2 mins 315 | 316 | # When mbox changes unexpectedly we have to fully read it to find out what 317 | # changed. If the mbox is large this can take a long time. Since the change 318 | # is usually just a newly appended mail, it'd be faster to simply read the 319 | # new mails. If this setting is enabled, Dovecot does this but still safely 320 | # fallbacks to re-reading the whole mbox file whenever something in mbox isn't 321 | # how it's expected to be. The only real downside to this setting is that if 322 | # some other MUA changes message flags, Dovecot doesn't notice it immediately. 323 | # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK 324 | # commands. 325 | #mbox_dirty_syncs = yes 326 | 327 | # Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, 328 | # EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. 329 | #mbox_very_dirty_syncs = no 330 | 331 | # Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK 332 | # commands and when closing the mailbox). This is especially useful for POP3 333 | # where clients often delete all mails. The downside is that our changes 334 | # aren't immediately visible to other MUAs. 335 | #mbox_lazy_writes = yes 336 | 337 | # If mbox size is smaller than this (e.g. 100k), don't write index files. 338 | # If an index file already exists it's still read, just not updated. 339 | #mbox_min_index_size = 0 340 | 341 | # Mail header selection algorithm to use for MD5 POP3 UIDLs when 342 | # pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired 343 | # algorithm, but it fails if the first Received: header isn't unique in all 344 | # mails. An alternative algorithm is "all" that selects all headers. 345 | #mbox_md5 = apop3d 346 | 347 | ## 348 | ## mdbox-specific settings 349 | ## 350 | 351 | # Maximum dbox file size until it's rotated. 352 | #mdbox_rotate_size = 2M 353 | 354 | # Maximum dbox file age until it's rotated. Typically in days. Day begins 355 | # from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. 356 | #mdbox_rotate_interval = 0 357 | 358 | # When creating new mdbox files, immediately preallocate their size to 359 | # mdbox_rotate_size. This setting currently works only in Linux with some 360 | # filesystems (ext4, xfs). 361 | #mdbox_preallocate_space = no 362 | 363 | ## 364 | ## Mail attachments 365 | ## 366 | 367 | # sdbox and mdbox support saving mail attachments to external files, which 368 | # also allows single instance storage for them. Other backends don't support 369 | # this for now. 370 | 371 | # Directory root where to store mail attachments. Disabled, if empty. 372 | #mail_attachment_dir = 373 | 374 | # Attachments smaller than this aren't saved externally. It's also possible to 375 | # write a plugin to disable saving specific attachments externally. 376 | #mail_attachment_min_size = 128k 377 | 378 | # Filesystem backend to use for saving attachments: 379 | # posix : No SiS done by Dovecot (but this might help FS's own deduplication) 380 | # sis posix : SiS with immediate byte-by-byte comparison during saving 381 | # sis-queue posix : SiS with delayed comparison and deduplication 382 | #mail_attachment_fs = sis posix 383 | 384 | # Hash format to use in attachment filenames. You can add any text and 385 | # variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. 386 | # Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits 387 | #mail_attachment_hash = %{sha1} 388 | --------------------------------------------------------------------------------